Possible SQL injections
@hadess
Submitted by Bastien Nocera Assigned to gri..@..e.bugs
Link to original bug (#673912)
Description
Using git master. Looks like missing escaping.
(grilo-test-ui:24869): Grilo-WARNING **: [metadata-store] grl-metadata-store.c:230: Failed to get metadata: unrecognized token: "' LIMIT 1"
#0 0x00007ffff649ec0c in g_logv (log_domain=0x7ffff6f91545 "Grilo", log_level=G_LOG_LEVEL_WARNING, format=0x7ffff6f91606 "[%s] %s: %s", args1=0x7fffffffd228) at gmessages.c:758
#1 0x00007ffff649ed00 in g_log (log_domain=0x7ffff6f91545 "Grilo", log_level=G_LOG_LEVEL_WARNING, format=0x7ffff6f91606 "[%s] %s: %s") at gmessages.c:792
#2 0x00007ffff6f854ac in grl_log_valist (domain=0x973c80, level=GRL_LOG_LEVEL_WARNING, strloc=0x7fffe1b136aa "grl-metadata-store.c:230", format=0x7fffe1b1368f "Failed to get metadata: %s", args=0x7fffffffd388) at grl-log.c:293
#3 0x00007ffff6f8556c in grl_log (domain=0x973c80, level=GRL_LOG_LEVEL_WARNING, strloc=0x7fffe1b136aa "grl-metadata-store.c:230", format=0x7fffe1b1368f "Failed to get metadata: %s") at grl-log.c:309
#4 0x00007fffe1b122e5 in query_metadata_store (db=0x974898, source_id=0xb66400 "grl-filesystem", media_id=0xb4ad90 "/home/hadess/File with ' in it.mov") at grl-metadata-store.c:230
#5 0x00007fffe1b1303d in grl_metadata_store_source_resolve (source=0x974710, rs=0xb692a0) at grl-metadata-store.c:615
#6 0x00007ffff6f7bc13 in resolve_idle (user_data=0xb692a0) at grl-metadata-source.c:398
#7 0x00007ffff649780d in g_idle_dispatch (source=0xb68900, callback=0x7ffff6f7bbb1 <resolve_idle>, user_data=0xb692a0) at gmain.c:4634
#8 0x00007ffff64950b7 in g_main_dispatch (context=0x65a230) at gmain.c:2515
#9 0x00007ffff6495d78 in g_main_context_dispatch (context=0x65a230) at gmain.c:3052
#10 0x00007ffff6495f5b in g_main_context_iterate (context=0x65a230, block=1, dispatch=1, self=0x9264d0) at gmain.c:3123
#11 0x00007ffff6496384 in g_main_loop_run (loop=0xa8d5d0) at gmain.c:3317
#12 0x00007ffff7a6bb6e in gtk_main () at gtkmain.c:1161
#13 0x000000000040b083 in main (argc=1, argv=0x7fffffffd798) at main.c:2127
Version: git master